Tag Info

Well, the definition of a PRP says that given oracle access to either the PRP or a truly random permutation, the adversary cannot tell which permutation is behind it (i.e. random or pseudorandom). Formally, for every adversary $A$, for every positive polynomial $p$ and for all sufficiently large $n$ ($n$ is the security parameter) it holds that:
$ | ...

For CBC mode, the IV can be generated in any manner where it would be unpredictable to an attacker from one message to the next. In practice that means a random number generator of some kind. Since the block size is 128-bits, the probability of IV repeat before the key expiration is negligible. The CBC IV is visible to an attacker viewing your ciphertext; as ...

I think the best reference for the exact way block modes work is the Wikipedia article on the matter:
http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
(They can be found in a lot of books, Wiki is just easier to reach).
Regarding the IV exchange, AES by itself doesn't do such a thing. Generally, secret exchange is done using asymmetric ...

To show that a family of functions is not a PRP, you have to either show that the functions are not permutations or that they do not behave pseudo-randomly. As it is already established that the functions are in fact permutations, you need to show the latter.
For a family of permutations to be a PRP means that it is computationally infeasible to distinguish a ...

CTR mode encryption, instantiated with a secure block cipher, is IND-CPA secure under the usual definition (Bellare et al., 1997; Rogaway, 2011).
The term "mult-CPA" does not appear to be in widespread use, but it's found e.g. in these German lecture slides (Kiltz, 2011). In the slides, it is defined (on slide 66) similarly to ordinary IND-CPA ...

No, that's not possible as long as the security of AES as a block cipher is not weakened.
In CTR mode a counter is encrypted using AES, and the result of that is XORed with the plaintext. The counter actually consists of a nonce part and a counter part. Both the nonce and the counter are known to a possible attacker.
If anybody would just be encrypting zeros ...